Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
239492.pdf

Overview

General Information

Sample name:239492.pdf
Analysis ID:1524389
MD5:a2cfec32ffd39ea08633e5ea6b969686
SHA1:b0f6fcc50b5ae5ec44fc310ec192c4e912da5aa3
SHA256:98ce27481514e2c82eb1b8a3ad0e8afac196c2be193694e58c046f41bd634622

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

  • System is w10x64_ra
  • Acrobat.exe (PID: 6656 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\239492.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 2940 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 4988 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1628 --field-trial-handle=1568,i,592014452895726784,4519843502274583726,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49710
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49710
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49710
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49710
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49710
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49710
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49710
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49710
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49710
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49710 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49710
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: classification engineClassification label: clean1.winPDF@21/33@3/67
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 12-06-33-876.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\239492.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1628 --field-trial-handle=1568,i,592014452895726784,4519843502274583726,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 6CC464D3E81869363839542CEE0D9ED6
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1628 --field-trial-handle=1568,i,592014452895726784,4519843502274583726,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 239492.pdfInitial sample: PDF keyword /JS count = 0
Source: 239492.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 239492.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    93.184.221.240
    		unknownEuropean Union
    		15133EDGECASTUSfalse
    2.23.197.184
    		unknownEuropean Union
    		1273CWVodafoneGroupPLCEUfalse
    184.28.88.176
    		unknownUnited States
    		16625AKAMAI-ASUSfalse
    23.203.104.175
    		unknownUnited States
    		16625AKAMAI-ASUSfalse
    107.22.247.231
    		unknownUnited States
    		14618AMAZON-AESUSfalse
    172.64.41.3
    		unknownUnited States
    		13335CLOUDFLARENETUSfalse

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1524389
    Start date and time:2024-10-02 18:06:00 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:19
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    Analysis Mode:stream
    Analysis stop reason:Timeout
    Sample name:239492.pdf
    Detection:CLEAN
    Classification:clean1.winPDF@21/33@3/67
    Cookbook Comments:
    • Found application associated with file extension: .pdf

    Warnings

    • Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, fs.microsoft.com, ssl-delivery.adobe.com.edgekey.net, geo2.adobe.com
    • Not all processes where analyzed, report is missing behavior information
    • VT rate limit hit for: 239492.pdf

    Created / dropped Files

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\234f467b-4e52-486c-8678-f317518ac7ac.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:modified
    Size (bytes):403
    Entropy (8bit):4.953858338552356
    Encrypted:false
    SSDEEP:
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF678ecd.TMP (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bc6c9161-9ee2-4e4e-b6dd-3836945c6593.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):403
    Entropy (8bit):4.986125181176798
    Encrypted:false
    SSDEEP:
    MD5:BE9EB720E6BAF6E32C52747BC4A5D694
    SHA1:7A2D7F99E210B66D76D7EC84261BD8E9C4232A98
    SHA-256:B7FF442CB0021A8195184983F85C813CDDC4AB56B83E6B56CD05C1BDC907BF56
    SHA-512:88B17DB13E9DC294591C3C694B69E963C8F7BB8D51762B2B6F889427357012E1D2483F6D65D5E59F9CBB38922D0D16245627665EB79DD24332E8C0B8F6A2FECF
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372445204286631","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":130549},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241002160636Z-224.bmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
    Category:dropped
    Size (bytes):71190
    Entropy (8bit):0.9427926288089925
    Encrypted:false
    SSDEEP:
    MD5:7E28C97A626D21CC31306CF1167E3587
    SHA1:19FCC8890271B6B38ADA72249A79C6B71821741E
    SHA-256:BD94BD6954208A20A3C669C44C4732EA05A34F2B5ED0DCFA369BC1C29C98DCB0
    SHA-512:F830436C8646F2DD5A0960CD8D871EFDEDE1AFE945B76F5050BA59A919B4D8BA52FD9CCECF668BD716008AF9C010951660D2FCE9F28D4B4B20F3F60071F401EB
    Malicious:false
    Reputation:unknown
    Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
    Category:dropped
    Size (bytes):57344
    Entropy (8bit):3.291927920232006
    Encrypted:false
    SSDEEP:
    MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
    SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
    SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
    SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):16928
    Entropy (8bit):1.2138579597003811
    Encrypted:false
    SSDEEP:
    MD5:271A0FA7B3E7CB163CB431F0D14224E3
    SHA1:622C70189B2978BE00621788549AB4B176F9499B
    SHA-256:694FDFC3BA197DF9BEA8AD43802A1A5C4F9C0304CAE890C602D5B51F0D9E7CC3
    SHA-512:FB88555BB4F7449A8FB3592A8D6C72530034683B9B623F6E9262ED1C829E5C7E7AA2359FEF935B21CFCFA394BEA83AF2CDDD442641E361D073233717BBA3104E
    Malicious:false
    Reputation:unknown
    Preview:.... .c........s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):1391
    Entropy (8bit):7.705940075877404
    Encrypted:false
    SSDEEP:
    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
    Malicious:false
    Reputation:unknown
    Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
    Category:dropped
    Size (bytes):71954
    Entropy (8bit):7.996617769952133
    Encrypted:true
    SSDEEP:
    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
    Malicious:false
    Reputation:unknown
    Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):192
    Entropy (8bit):2.7673182398396405
    Encrypted:false
    SSDEEP:
    MD5:5E9F6BDA187B5575F09EB8514BD61BC2
    SHA1:50F4FE1F90129DFD87A9237FAACA173043D1D831
    SHA-256:18D8A6408E8962CF0797B95E899F1A9BABCF8030E890BF5C1E523E29CD12F8BE
    SHA-512:15B8FF6885D2B718DB0F2F5CEA9CA66372DA516463F4695368D2886054EBEDD72D2C465FD163A6C721A47B8B9AA0E9AAAA83BC451E5B6402CC69AE668D1140A6
    Malicious:false
    Reputation:unknown
    Preview:p...... .........T......(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:modified
    Size (bytes):328
    Entropy (8bit):3.144086598890895
    Encrypted:false
    SSDEEP:
    MD5:8BE032C4C0E3CFD613BF927A99DCE985
    SHA1:9B939E2CEE1A71961B7DCFA8B1C09B66B45787EF
    SHA-256:36033CB07D9A510DADEA53F54FC9BB32DD90D0D2A6456251396A0382CB8A2FCC
    SHA-512:8F9ED9EE25A468B202A5C336A32F6A406DEDAEB95135F5B7D39958299371D8DA7AD578AA3F1CE76A25222267166C293EC6209DDD2F78EB392FEBCC7B58546C5D
    Malicious:false
    Reputation:unknown
    Preview:p...... ...........7....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.378794512388448
    Encrypted:false
    SSDEEP:
    MD5:C02E28B46656B8CE676A5CB8FEB6A35C
    SHA1:7F7E81A85DE51E7737D604738ABBC7BAEA964E85
    SHA-256:231E06A6E6A13BBF4D95EFC854566C9AF954462E788068BD975B8F9BAA198B6C
    SHA-512:8717A0108B16FE6D67B5C5944A868A76AA83F9F80DEE496A1D5BB0488C53B2597B3A5BC0DD0DA9199D6AF303F79B3EFBE1C27AF5785D73088938DB28E93745BF
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.3266145508140195
    Encrypted:false
    SSDEEP:
    MD5:80E76D175043D49DB1C6A3F6DD08B449
    SHA1:1997F24DCEA792FBFCB7E79C9E4DF1962F7336DA
    SHA-256:42BF2242458C66D232C4ABC2D6DBB371A786F5F7ED0CF31A6B5249F3A348E81E
    SHA-512:D2A8BB9AC2C160646B0B345D2C8B448EB7CE3441A0C5E113ADFD91C1294B87F8FA2F059C4F2AB3BF1B9203D996658F6F317D76993CBCCF74CE3656D46FE55E6C
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.305162867340025
    Encrypted:false
    SSDEEP:
    MD5:7D5E233E4414C0ADB24769858E48EA58
    SHA1:95F87824FC765589E2EC07986CD82026969EAD82
    SHA-256:7E4DEF95F7BFC41A838A3640D946F59B03ED5B0BF12EF79BCC9CABF2E441A3F3
    SHA-512:95A5BD9670B74493B164BBD6501488D35E8A5B0381713F027E14C74773231B2C122696B2DDD1B5C53C2ABDDB30F658811D5FF8418E92ADEC7C478DF5A9DB5826
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.367716144149488
    Encrypted:false
    SSDEEP:
    MD5:4BB44CBFB8F53338087596BBBF6FAA4A
    SHA1:FA2BD3094C339579E2659B27E57B503B2F42B777
    SHA-256:BB912F7983700EDADCB1B109BAD14D6C6DD3D41C73FD88A02AB6DF3FDC0F5DA7
    SHA-512:23653E04319AFF4DB7A47EF0E7E5A8B397A6BA33000EB0736ADE063A017F8FF1B520F97614EA68AF8F7C93793D9BB31DD6CBE060BDD8FE6AA2DF7008A3599ED9
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1063
    Entropy (8bit):5.670103780006339
    Encrypted:false
    SSDEEP:
    MD5:C050634B57F89B54207112346197C73D
    SHA1:484AD3384B0E73CF9D7172B125EC13F253DD00B1
    SHA-256:314E827EEEB0E73BE790EBC89C5FFCD4F696154CF0D172801F8AA3E45D4AAFEB
    SHA-512:56B26FCA255E824D43D22B7FCD23BC3138B426BED7F4FB87EEC1A8EBF5AC8E2F2F8864F56FBBAA08B892438A683AABA35D41BABC747638C240BD0492DA0DA451
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1050
    Entropy (8bit):5.655287936589703
    Encrypted:false
    SSDEEP:
    MD5:00F63C6444D2F6D30CF56719D3F52B66
    SHA1:28AE80EA4F47452B28A49A83C7DBB4F40BE5F1B4
    SHA-256:6A9D36F0959832957B187D0F2E2BD6585A854947467D191498183B1987679E5F
    SHA-512:1BDBBF08EE74C33A4F370E8ED774B3E32FA45BA19F0CA206B878B632F41FD87B883D6D58890D79125E9E632417DFAAD7D31145310BD68A3B1ACD2A9F2CF23159
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.318566275113058
    Encrypted:false
    SSDEEP:
    MD5:28BEEC00E6334184450A59D33485201A
    SHA1:506E8DB1A75EA8473A6381DBBEEE2FD9355E7988
    SHA-256:1154B1A2DD7030D9E9277E2BCC4FB1233D77E9DD30F7AC03F332A9FC1AE3F8AF
    SHA-512:36B147B1507E33B82BAB859DB006E54FD548BFA826D07A9D547F4693FB017AA04A856E3AF5D952D0C62C683E4A3550E7FA9D96A9D5BD114DA907BCB851F80879
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1038
    Entropy (8bit):5.651227650420925
    Encrypted:false
    SSDEEP:
    MD5:19745654199FBC008A709BC1B6E88B69
    SHA1:7A7ADAEF852B4F16909E6A1055BEF32ACB892BFE
    SHA-256:299EA9B9896081074394140AE2CEE72DFDA19D12ED2995DFC8DFDB48DC3CBDEE
    SHA-512:E1BA66FEC68263949721E4DC449614A1EC7E115DE8E4AC481EDCAD3A7AFE46C153B2021E6D957CEC72385054A64F4BB397DC2179F1E6ED96B4BCB312551502FD
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):5.698649754856818
    Encrypted:false
    SSDEEP:
    MD5:8AEEBF62B2883923A8CD1DCAFF89E74D
    SHA1:0DB05AE6256BADB5A14B05745DFE782E3E9BD9C6
    SHA-256:CAA17C725F7F67F71418751EB0AE027B46C307B7E867239102AC618B2B163912
    SHA-512:E60E92C3EA49148F9DAD4F38695F8CDD695B817F0308015D8A4D94CD07E58525646FA55589E4CD1537A08081FA4209DC3911EC45AD1CE051CC0EE2F746BB7FCA
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.322682106281105
    Encrypted:false
    SSDEEP:
    MD5:3C87E018AF940998C6FC91A7A67B93F4
    SHA1:0FC8AD8E36B1BE3AC3CCA05D18E8F7DE459C679A
    SHA-256:96042FC1D8BE5F1D700CA12808667F70F7128C066261C9B76ADF68A33F2FEA48
    SHA-512:24976FDF6C33DB737B2E97E5BCCCF587DE48D62D3B4DEF8BE5F551B6061BC1AEE0657521D372AAC8A58E53560D3B4C6A169C31CF7D445EA1A26F073591CF17FD
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1395
    Entropy (8bit):5.7734471996270775
    Encrypted:false
    SSDEEP:
    MD5:302241139B96605261EFEE7F124342BC
    SHA1:CDFF172E423B9A9E6174B49F2DC00CC8D5ED0A0F
    SHA-256:AD080EB60B95AA5F7DAD523887943FC68C8E2CE9644885CDE8735C336F850DCB
    SHA-512:668B02111D531932C0AAD0E8FF53EE7B6F7B17E523E956268DD80665C12F8991E1C768852406FD152420E243456C30A772959E86A89117D7DA01B88171E2B6AA
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.306073313190149
    Encrypted:false
    SSDEEP:
    MD5:0E04F5A6F4D2912032B2408D166104AE
    SHA1:7B3BC42FC6C3F136E01433237B8CCB192197D403
    SHA-256:87621698CDD0197B7A2E49DD7FFE720076D7EDA98A5C4A0BF8D7A4FC4C0DCE3F
    SHA-512:CA3BC13A5B2406524C42E08193D0623895FEED9FB4975CD877A747CBD9F48037A8E0B03A602EF8D6379604C83096B7576FA4052739E29040314B40943ED58880
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.309454207115856
    Encrypted:false
    SSDEEP:
    MD5:7005E2AD2A3A05CDFFC8CC6F29F34E0D
    SHA1:27D75DBCCFAA6EE95B02A565F686236C6BB63C18
    SHA-256:66EAD7B63E21240E381F30143595B6FD9BA91812C4B3555B852FA17450D336DE
    SHA-512:16BC171187299B6C023DF97C5FE234E8734D08B054F9786BCAB8BC71911B5EBC415C8361ADEDED8D1E340220AB76114367C048870CF5E8630173E73E9FD22B6B
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1058
    Entropy (8bit):5.656921160282672
    Encrypted:false
    SSDEEP:
    MD5:A024ACCCF1DB0A26BB9C3B0C612E961E
    SHA1:991DBF74FF031AAB156C7C2924E3E82CE9333706
    SHA-256:0E636309DA1264165305B443938172E25C5802B145CB2B2F019E85923E3FE392
    SHA-512:1D3E1A19089BA94B48BC789231D828D352302587D3AF94D12B8047CADF4AB2CF862EBD7A4A90AFB9679E72E98B7B6B5E8E6AA995ACB4D3FD16B5B705C4A8F76E
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.286501066899328
    Encrypted:false
    SSDEEP:
    MD5:6159B63F18E39FEF0E0CC89D35844E2F
    SHA1:A27C172EE22778095AB28C497A9F5295E3A2E8E7
    SHA-256:F3DB7E3139AC5E265077190700256432EAA8C96A3FDE62C566740CFE06B7EE40
    SHA-512:FF87C6F66F97B24D51A32180A56684D90740F97114F90B9ADB604853DE17C9F34F93B1211938A8183DA6C8C6CE9AD021988C342F33C02CA233E9AEEA5EC58B2F
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):782
    Entropy (8bit):5.371034457247179
    Encrypted:false
    SSDEEP:
    MD5:2EA93017304C4CDF863D017024E72A05
    SHA1:5089157FB94CB70ABCEDDC3D0347CE508EE8119E
    SHA-256:D65A73697FE1BDF94BF109F8A512CA523FF3250C8C5E7CC1CF09E63960EEE266
    SHA-512:427084F415EE91ED0FF4E07A0025E9B8264BC59705ADC864AC45B80B4F4ABDB8A9B72CE38061126645D38DD5410CD2B818FFD2511546C19EA060BED0D8E574FF
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"e18b75bb-950c-46ff-a41b-d9ce08b91675","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728062035096,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1727885200130}}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Reputation:unknown
    Preview:....

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2818
    Entropy (8bit):5.140743857484184
    Encrypted:false
    SSDEEP:
    MD5:179B17DDA66BA3EFA01A83A66A5BFA8B
    SHA1:5800DF5DDF14196D0C42C8BECEF24FD462E44F37
    SHA-256:EE97DD39939188CDCBEF837A67188CFAA91370115EEECABB1D2B74DEC94A97F5
    SHA-512:5041694DC3D2EE4832F06C4D85DAAB7116C50F002B02A9082C0CE43305DB3FC604C50DD04E70F37C61221FD2E5C330026FD2F03B0FC944AD835CDD690F4DA5C0
    Malicious:false
    Reputation:unknown
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"c0cc6c1d7a23fd74c75e41f85ab88d51","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1727885199000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"10176196a9225841252f6a6a2538d3a3","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1727885199000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"04bb158d20737dba6654c873bf93470d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1727885199000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"2be5a48fb86ff71ba07dd2dd1ca4c5e2","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1727885199000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"977fcde742a559cd536e78e8cd21b361","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1727885199000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"61805517eefc3ad59fc9fa6689020231","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"t

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):0.987743459931891
    Encrypted:false
    SSDEEP:
    MD5:09FAA2BE47F779031EC0269C28E2A4F0
    SHA1:5E9C7B2651745CF1C6DEEB8B7671D9559F4BCBEF
    SHA-256:8A5F358C5BC7449C3BA9BBBEF7019AD67DC1A5EBE298C922BD53FE041DB0B61E
    SHA-512:724F3509DF1549925649CA8B462B886AEA7A3CA2A703C03E32293C7FAF48E101C0F933B6705F357B0F6FE849FA0C54B6EA06A7B28FE50A3E159A21F169166319
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.3447829084149776
    Encrypted:false
    SSDEEP:
    MD5:AB873329361C444F4CCB4D9B6440AE4D
    SHA1:97A090AEFD24E86AE2503A8558D717230EE5DCE7
    SHA-256:58A8AD4DC31873A0284F21E5CCE281C7439063C399C8F8D4503FA72BEF1BA46D
    SHA-512:6CF61BB842907722C99450790D6C260397A7FD9F65D6689488197C0843AA37CBEEABA41BD8266AA1FE242D3897402111B9F027517ACB6C102964186B898B373A
    Malicious:false
    Reputation:unknown
    Preview:.... .c......<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Temp\MSI67ba8.LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.5193370621730837
    Encrypted:false
    SSDEEP:
    MD5:82BC8F80BADC55712D76D405A73EEC2B
    SHA1:3696961E2A84A8F047C4E908674A477072CFD88C
    SHA-256:DC32FD811C308D0A7AD6C637CDE6300CB99DAEF6A23C33A79902CB5DF7DD10D3
    SHA-512:9B600B872BEC72F73A906CC8062B55EC316F4E520E7FB860F6A8BB10A02036776E2FFA83C19AFD5D258FE943A7CE492256B3CAB06D42F44032D08624699CEE5A
    Malicious:false
    Reputation:unknown
    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.2./.1.0./.2.0.2.4. . .1.2.:.0.6.:.3.9. .=.=.=.....

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 12-06-33-876.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.353642815103214
    Encrypted:false
    SSDEEP:
    MD5:91F06491552FC977E9E8AF47786EE7C1
    SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
    SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
    SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
    Malicious:false
    Reputation:unknown
    Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29752
    Entropy (8bit):5.415117259869283
    Encrypted:false
    SSDEEP:
    MD5:3A8CEE56B895634237D3B0A59B402088
    SHA1:5F8303DBBECB88B27E8B4D04C5F70BE1C9718D77
    SHA-256:FABD6813BB24AD940DC1F106FFE0414E271C556BBF80B2AA27589511317C2CA5
    SHA-512:6D6598A7EF3D1E92A2F697CFE1DCDC84982E6D2050244693E27169A5B321D35BA40A378AB17418328BF718402D93474B0085E2EBE59071C53AB179F769CA2386
    Malicious:false
    Reputation:unknown
    Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

    Static File Info

    General

    File type:PDF document, version 1.4, 1 pages
    Entropy (8bit):7.948591496218067
    TrID:
    • Adobe Portable Document Format (5005/1) 100.00%
    File name:239492.pdf
    File size:29'817 bytes
    MD5:a2cfec32ffd39ea08633e5ea6b969686
    SHA1:b0f6fcc50b5ae5ec44fc310ec192c4e912da5aa3
    SHA256:98ce27481514e2c82eb1b8a3ad0e8afac196c2be193694e58c046f41bd634622
    SHA512:b57b1689435626ad1ee55241e97d5044f9e66489ee0bdd291aab19328b5664d59683c988b9c9cc99cdffd338d9602eac812cb279ccd8ab51ec2c540af1e38f4c
    SSDEEP:768:SMbC3MgZF3ZmLIGMZ0f5aEBF1PqkldGf7O:DbLg3ZmLIgqkldGfq
    TLSH:6AD2E108BD098ECDEAD4A383FB165137A42FBD8221C5D5852471E6C3298CF5B6E63A52
    File Content Preview:%PDF-1.4..5 0 obj..<<../Type /XObject../Subtype /Image../Filter /FlateDecode../Length 11205../Width 369../Height 166../BitsPerComponent 8../ColorSpace /DeviceRGB..>>..stream..x...y\U...i...e.Cj!.B*.2i..........Y...S.h.sN...3......"....2.)V^.*3.V.....{..9{

    File Icon

    Icon Hash:62cc8caeb29e8ae0

    Static PDF Info

    General

    Header:%PDF-1.4
    Total Entropy:7.948591
    Total Bytes:29817
    Stream Entropy:7.987418
    Stream Bytes:27282
    Entropy outside Streams:5.165747
    Bytes outside Streams:2535
    Number of EOF found:1
    Bytes after EOF:

    Keywords Statistics

    NameCount
    obj17
    endobj17
    stream5
    endstream5
    xref1
    trailer1
    startxref1
    /Page1
    /Encrypt0
    /ObjStm0
    /URI0
    /JS0
    /JavaScript0
    /AA0
    /OpenAction0
    /AcroForm0
    /JBIG2Decode0
    /RichMedia0
    /Launch0
    /EmbeddedFile0